Posts

  • Gotenberg - unauthenticated code exec

    Multiple vulnerabilities in Gotenberg (a Docker-powered stateless API for converting HTML, Markdown and Office documents to PDF, used as a microservice) version <=6.2.1 allow a remote unauthenticated attacker to execute any command within the Docker container.
  • TOTOLINK and other Realtek SDK based routers - full takeover

    Multiple vulnerabilities in several series of Realtek SDK based routers (among them many TOTOLINK models, but multiple other vendors are affected as well).
  • D-Link routers - full takeover

    Multiple vulnerabilities in D-Link routers allow taking full control of the device through the Web interface without any user interaction. Verified affected devices: DWR-111, DWR-116, DIR-140L, DIR-640L, DWR-512, DWR-712, DWR-912, DWR-921, but other models may be affected as well.
  • ASUS routers - part II (CVE-2017-15653, CVE-2017-15654, CVE-2017-15656)

    Vulnerability in all new ASUS routers which allows a complete takeover of the device. As of the date of disclosure the vulnerability affected all new versions of ASUSWRT. Older versions were vulnerable too - see CVE-2017-15655.
  • ASUS routers - part I (CVE-2017-15655)

    Vulnerability in older ASUS routers which allows a complete takeover of the device. Newer versions were vulnerable too - see CVE-2017-15654 and others.
  • ManageEngine Password Manager Pro <= 8.1 (build 8100) - SQL Injection vulnerability

    An authenticated user (even the guest user) is able to execute arbitrary SQL code in ManageEngine Password Manager Pro before version 8.1 (build 8101). This allows the attacker to obtain superadmin privileges and gain full access to all stored secrets.